From 513c49f8550c9268164a4dd570607b2b47ca66cb Mon Sep 17 00:00:00 2001
From: wangyidong
Date: Wed, 4 Nov 2015 14:17:20 +0800
Subject: [PATCH] * change for filter super vars.
---
 framework/helper.class.php | 52 +++++++++++++++++++++++++++++++++++++-
 framework/router.class.php | 20 +++++++++++++--
 2 files changed, 69 insertions(+), 3 deletions(-)
diff --git a/framework/helper.class.php b/framework/helper.class.php
index 5e83930692..e1c4c24995 100644
--- a/framework/helper.class.php
+++ b/framework/helper.class.php
@@ -4,7 +4,7 @@
 *
 * The author disclaims copyright to this source code. In place of
 * a legal notice, here is a blessing:
- *
+ *
 * May you do good and not evil.
 * May you find forgiveness for yourself and forgive others.
 * May you share freely, never taking more than you give.
@@ -57,6 +57,7 @@ class helper
 * @param string $methodName method name
 * @param string|array $vars the params passed to the method, can be array('key' => 'value') or key1=value1&key2=value2) or key1=value1&key2=value2
 * @param string $viewType the view type
+ * @param string $onlybody the view type
 * @static
 * @access public
 * @return string the link string.
@@ -615,3 +616,52 @@ function isonlybody()
 {
 return (isset($_GET['onlybody']) and $_GET['onlybody'] == 'yes');
 }
+
+/**
+ * Process evil params.
+ *
+ * @param string $value
+ * @access public
+ * @return void
+ */
+function processEvil($value)
+{
+ if(strpos(htmlspecialchars_decode($value), ' $values)
+ {
+ if(!is_array($values))
+ {
+ $params[$item] = processEvil($values);
+ if(processEvil($item) != $item) unset($params[$item]);
+ }
+ else
+ {
+ foreach($values as $key => $value)
+ {
+ if(is_array($value)) continue;
+ $params[$item][$key] = processEvil($value);
+ if(processEvil($key) != $key) unset($params[$item][$key]);
+ }
+ }
+ }
+ return $params;
+}
diff --git a/framework/router.class.php b/framework/router.class.php
index 678c4758d0..6fe29fda9a 100755
--- a/framework/router.class.php
+++ b/framework/router.class.php
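Review bot: The new `+ * @param string $onlybody the view type` line in the `@@ -57` hunk of helper.class.php repeats the description of the `$viewType` line directly above it and says nothing about what `$onlybody` controls. Judging by isonlybody() further down the same file, which tests `$_GET['onlybody'] == 'yes'`, it appears to be the flag that requests the body-only rendering, so something like ` * @param string $onlybody whether to request the body-only view (yes/no)` would be accurate. The method signature is outside the hunk, so confirm the parameter really was added there.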
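Review bot: processArrayEvils() in the `@@ -615` hunk only descends one level: inside the inner foreach, `if(is_array($value)) continue;` leaves any value nested two or more levels deep untouched, so the filter is not applied uniformly to the arrays filterSuperVars() passes in. Replacing that `continue` line and the assignment after it with `$params[$item][$key] = is_array($value) ? processArrayEvils($value) : processEvil($value);` makes the function recursive while keeping the key check that follows. The processEvil docblock says `@return void`, yet processArrayEvils assigns its result, so the tag should document the value actually returned. The text between `'<` and the foreach header is missing from this copy of the patch (processArrayEvils' own docblock and signature with it), so the `<` check and what it does on a match cannot be reviewed here. Whatever processEvil does on a match, it is input filtering; output still needs context-specific escaping, so the docblock should describe this as defence in depth rather than as the only output-safety control.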
@@ -4,7 +4,7 @@
 *
 * The author disclaims copyright to this source code. In place of
 * a legal notice, here is a blessing:
- *
+ *
 * May you do good and not evil.
 * May you find forgiveness for yourself and forgive others.
 * May you share freely, never taking more than you give.
@@ -12,7 +12,7 @@
 /**
 * The router class.
- *
+ *
 * @package framework
 */
 class router
@@ -292,6 +292,7 @@ class router
 $this->setModuleRoot();
 $this->setThemeRoot();
+ $this->filterSuperVars();
 $this->setSuperVars();
 $this->loadConfig('common');
@@ -468,6 +469,21 @@ class router
 $this->themeRoot = $this->appRoot . 'www' . $this->pathFix . 'theme' . $this->pathFix;
 }
+ /**
+ * Filter superVars.
+ *
+ * @access public
+ * @return void
+ */
+ public function filterSuperVars()
+ {
+ $_POST = processArrayEvils($_POST);
+ $_GET = processArrayEvils($_GET);
+ $_COOKIE = processArrayEvils($_COOKIE);
+ unset($_GLOBALS);
+ unset($_REQUEST);
+ }
+
 /**
 * Set the super vars.
 *
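Review bot: `unset($_GLOBALS);` in filterSuperVars() names a variable PHP does not define — the superglobal is `$GLOBALS`, which is not something unset() removes in any case — so inside the method it only unsets a non-existent local and has no effect; either drop the line or replace it with a comment saying what it was meant to prevent. Only `$_POST`, `$_GET` and `$_COOKIE` are passed through processArrayEvils(), so `$_SERVER`, `$_FILES` and `$_ENV` reach the application unfiltered; if that is intended, the docblock should say so. `$_REQUEST` is removed rather than rebuilt from the filtered arrays, so any later read of it sees an undefined variable, and the one-line docblock `Filter superVars.` should state that, e.g. ` * Filter $_POST, $_GET and $_COOKIE through processArrayEvils(); $_REQUEST is unset and must not be read after this point.` The `@@ -292` hunk inserts the call before setSuperVars(), which presumably copies the filtered values — worth confirming, since that method's body is outside the hunk.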